wkd_sync/archlinux-keyring-wkd-sync:
Ignore keys with SHA-1 self-signature (by hardcoding them in a readonly
array) so that they will not be synced from WKD.
The Arch Linux WKD setup does not contain keys with SHA-1
self-signatures anymore.
... but with a reasonable delay of five minutes, and limited to three
invocations per hour. After that the service goes into failed state.
This should mitigate service failure caused by intermittent network
issues or server reboot on our side.
wkd_sync/archlinux-keyring-wkd-sync.service.in:
Replace use of explicit script location (i.e. /usr/bin) with
SCRIPT_TARGET_DIR placeholder.
Makefile:
Create WKD sync service file from input file, replacing the
SCRIPT_TARGET_DIR placeholder with $SCRIPT_TARGET_DIR.
wkd_sync/archlinux-keyring-wkd-sync.service -> wkd_sync/archlinux-keyring-wkd-sync.service.in:
This allows using the file as input file, where overriding keywords can
be done using sed.
wkd_sync/archlinux-keyring-wkd-sync.timer:
Add timer which triggers archlinux-keyring-wkd-sync.service to
persistently refresh existing PGP keys of archlinux-keyring weekly with
up to 12h of randomized delay.
wkd_sync/archlinux-keyring-wkd-sync:
Add script to refresh existing keys of archlinux-keyring on user
systems based on the state of the distribution's Web Key Directory
(WKD).
Invalid or revoked keys are ignored.
